Collective Intelligence – OurMine Hacker Group

Living at risk is jumping off the cliff and building your wings on the way down.

– Ray Bradbury

Creative without strategy is called ‘art.’ Creative with strategy is called ‘advertising.’

– Jef I. Richards

This may sound like philosophy, but it seems to fit what we have seen from the OurMine group. Lots of hackers have thought along the same lines; OurMine markets it very smartly. What have they done so far? OurMine is a group of hackers known for hacking high-profile figures and companies, including Facebook CEO Mark Zuckerberg, Google CEO Sundar Pichai, Twitter CEO Jack Dorsey, Game of Thrones, Sony’s PlayStation Network (PSN), Netflix, the WWE, HBO, and most recently WikiLeaks. Some of the recent news buzz about OurMine shows some advancement in its attack methodologies.

This thread gathers collective intelligence about them. First, let's start with the recent news about OurMine that drew public attention.

Hackopedia – Collective Intelligence for OurMine – Till now

On analysis, OurMine made its public appearance in January 2016 with YouTube account hijacks, and from May 2016 began a roller-coaster ride of Twitter account hijacks that has continued serially until now, with one brand defacement after another: Twitter hacks of tech figures and celebrities, defacements of famous websites, and data leaks from video hosting sites. Much about its attack methodologies remains unknown, but OurMine has undoubtedly shown a lot of variety in its attack strategies, from hijacked Twitter/LinkedIn accounts to data stolen from Vevo and HBO. One theory is that a key reason for the celebrity Twitter/LinkedIn account takeovers is the reuse of passwords exposed in the LinkedIn password hack of 2012, which was partially dumped on the darknet; it is possible that OurMine accessed it and used it wisely.

Along with Peace, or Peace of Mind, a cybercriminal who was selling the hacked data on a dark web market, one more actor came to light: Tessa88, at the time when a website that serves as a repository of hacked credentials announced the MySpace hack. The handle Tessa88, however, apparently first surfaced in the web’s darkest corners only around April 2016, perhaps a few weeks earlier, when the cybercriminal started selling hacked databases on Russian cybercrime forums.

25 March 2016, Analysis of Tessa88’s activity made it obvious that the database was being sold on Russian forums from 25 March 2016.

16 May 2016, After the LinkedIn password leak, OurMine's roller-coaster ride started from here and is in full swing until now; the first reported incident came up, in which hackers hijacked big-name accounts. The group, which calls itself OurMine Team, claims to have recently hacked the accounts of

23 September 2016, The group gained access to one of the site editors’ user account credentials, accessed the backend panel, and from there sent out a newsletter to all site subscribers that read “Hacked By #OurMine – Read The post!! [Important.]” Acknowledged by the Variety team: The content management system for Variety was hacked Saturday by a group known as OurMine, which has attacked a growing number of companies and prominent figures in recent months. The entertainment-news website was infiltrated at approximately 9 a.m. PT. OurMine sent messages to subscribers via multiple Variety e-mail newsletters declaring, “Hacked By #OurMine – Read The post!! [Important.]”

“Hacked by OurMine team, don’t share fake news about us again, we have your database. Next time it will be public. Don’t fuck with OurMine again.”

2 November 2016, Business Insider was hacked. Acknowledged by the team, saying: Business Insider was hacked on Wednesday morning. Attackers identifying themselves as OurMine posted and edited stories on the US version of the website. “Hey, don’t worry we are just testing your security, we didn’t change your password or anything,” the message said. A push notification was also sent to users of Business Insider’s app.
We apologise for the inconvenience, and are working on getting things back to normal as soon as possible.

31 July 2017, Hackers stole 1.5 terabytes of data in an incident that involved leaking forthcoming episodes and scripts of Game of Thrones. Reporters received an anonymous email on Sunday from the hackers that read:

“Hi to all mankind. The greatest leak of cyber space era is happening. What’s its name? Oh I forget to tell. Its HBO and Game of Thrones……!!!!!! You are lucky to be the first pioneers to witness and download the leak. Enjoy it & spread the words. Whoever spreads well, we will have an interview with him. HBO is falling.”

17 August 2017, Several HBO Twitter accounts were hacked and taken over by the notorious OurMine hacking group, posting #HBOHacked messages and warnings about security.

“Hi, it’s OurMine (Security Group), don’t worry we are just testing your…. blablablab, oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”

“Anonymous, remember when you tried to dox us with fake information for attacking wikileaks [sic]?” the message continues. “There we go! One group beat you all! #WikileaksHack lets get it trending on twitter [sic]!”

15 September 2017, Hacker Group OurMine Targets Vevo’s Data (And Removes It By Request). Data including one-sheets on featured artists and marketing materials, supposedly 3.12 terabytes worth, was posted to OurMine’s website. Hours later, Vevo requested that the stolen info be taken down, and OurMine removed it.

In an email to NPR, OurMine, which operates anonymously, claims it did not initially intend to post the data publicly and tried to alert Vevo of the breach privately, but that Vevo responded, “F*** off, you don’t have anything.” OurMine shared a screenshot of that exchange, which lacked any identifying information and so could not be verified as taking place between the two, with NPR. Vevo would not verify the exchange to NPR when asked.